Mailenable not marking Zen CSS and cbl spam as spam.

Raise/discuss any potential issues with MailEnable for consideration in project issue register.
Post Reply
Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Mailenable not marking Zen CSS and cbl spam as spam.

Post by Steevo » Wed Feb 06, 2013 4:48 pm

I am running the free standard version on two low volume servers.
I configured cbl.abuseat.org on both and set them both to mark the mail as spam.

I have two other dnsbls set to not accept the mail and they are both seeming to be working, I see rejections in the logs.

But the mark the mail as spam for the cbl.abuseat.org is not working.
I have inbound mail received that when I look it up on
http://cbl.abuseat.org/lookup.cgi
it shows listed. But the spam was not marked as spam by mailenable.

I just changed to not accept the mail on that dnsbl too. I will be watching this for a day to see if I see rejections in the logs.

Query zone: cbl.abuseat.org
Query result: 127.0.0.2

So mailenable should be rejecting mail whose IP returns a result of 127.0.0.2. Notice my other post where I asked in mailenable used a response as 127.0.0.3 as positive, because that's the response from an SBL zone.

I haven't received a response to that post.
Last edited by Steevo on Fri Aug 09, 2013 9:40 pm, edited 1 time in total.

gianfranco.foresi
Posts: 6
Joined: Sat May 04, 2013 8:24 am

Re: Mailenable not marking cbl spam as spam.

Post by gianfranco.foresi » Sat May 04, 2013 8:56 am

I've a similar problem.
after upgrade from version 6.xx to 7.6
Mailenable is not able to correctly filter spam based on zen.spamhaus.org
xbl and pbl lists are ignored (not working) while sbl seems to work correctly.
As a result spam as increased significantly.
On monday I'm going to do further tests.

gianfranco.foresi
Posts: 6
Joined: Sat May 04, 2013 8:24 am

Re: Mailenable not marking cbl spam as spam.

Post by gianfranco.foresi » Sun May 05, 2013 8:10 pm

After a new test it seems to work.

gianfranco.foresi
Posts: 6
Joined: Sat May 04, 2013 8:24 am

Re: Mailenable not marking cbl spam as spam.

Post by gianfranco.foresi » Sun May 05, 2013 8:57 pm

In reality many Messagese whose IPS are associtated to Spamahaus blacklist are delivered
For istance:
http://www.spamhaus.org/query/ip/178.120.230.223

Some Ips (very few are blocked) for istance this one:
http://www.spamhaus.org/query/ip/190.43.115.211

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking cbl spam as spam.

Post by Steevo » Sun May 05, 2013 10:18 pm

I have the same problem. I hope the Mailenable company will respond. This has been going on for a while. Months.

You would think they would be concerned.

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking cbl spam as spam.

Post by Steevo » Sat May 11, 2013 4:33 pm

Can a mailenable employee please address the spam blocking using DNSBLs in this thread?
It's not working and we are drowning in spam. Or some users are.

Hello? Is anyone there?

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: Mailenable not marking cbl spam as spam.

Post by MailEnable » Wed May 15, 2013 5:42 am

Our tests indicate that this is behaving correctly.
These issues are very difficult to diagnose because you would need to be certain of the response that is returned by the BL provider at the exact time the request was issued (because the addresses can be added and removed between tests by the BL provider).

We have investigated and checked tested the request and response to the provider and there does not seem to be any problem; so the possibilities are:

1. The entry did not exist in the BL at the time
2. The entry existed in the BL (and somehow or another) the provider did not report correctly
3. The lookup was somehow cached and even though the entry existed in the BL, the lookup was returned from the cache of an intermediary
4. There is somehow a misconfiguration or problem with your registry that is preventing the blacklist mentioned from being called (but if that was the case it would fail every time)
.. I think those are the only options

Typically these issues are best raised as defects via the ticket system - that way they are dealt with more efficiently - because they require logs and sometimes tests within the environment itself.
Regards, Andrew

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking cbl spam as spam.

Post by Steevo » Wed May 15, 2013 3:48 pm

Andrew,
Is there a version when these dnsbl response codes were correctly handled? Before which they were not?
I am not sure what versions I have running, I upgraded but had to downgrade because there was a problem. I could not send mail.

You said the same thing, I should raise a ticket.
As far as I can tell your ticket system is a paid service and I just don't have the ability to pay per incident for this type support.

So I could not use your ticket system. If that is not your intention and I am supposed to be able to raise a ticket without a credit card you will have to fix that so it works or explain how it works. As far as i can tell that system wants a credit card.

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking cbl spam as spam.

Post by Steevo » Fri Aug 09, 2013 8:37 pm

I am still having a problem with spammers getting through.
I have looked in the logs and I have many instances where spam was rejected, correctly.

But 206.214.67.186 is a current sending IP. 206.214.67.187 too, obviously the same spammer.
http://www.senderbase.org/lookup?search ... 214.67.187

I have checked these addresses and they are not listed in spamcop, which I have configured, and they are not in CBL which I have configured, but they are in Spamhaus ZEN, in the CSS component for snowshoe spammers.

Blocklist Lookup Results
206.214.67.186 is listed in the SBL, in the following records:
SBLCSS

206.214.67.186 is not listed in the PBL
206.214.67.186 is not listed in the XBL


CSS works like this:
Using CSS in your spam filtering

CSS is an integral part of the SBL (and therefore part of ZEN). CSS data is distinguished only by a different SBL return code (127.0.0.3 as opposed to normal SBL records which use 127.0.0.2). If you are already using the SBL or ZEN you should not need to do anything except ensure that your spam filter handles the additional 127.0.0.3 return code.


Are you guys absolutely sure this is working? Mailenable should accept a 127.0.0.3 return code as a yes answer for spam.
ZEN should be stopping this spam, and the volume is getting pretty high. I have one user who has 350 spam every morning. I have to resolve this problem.

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by Steevo » Tue Aug 13, 2013 6:22 pm

Hello? Is anyone there?

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by aahq » Thu Aug 15, 2013 11:40 am

Steve,

I have set up my "anti spam" slightly differently with Mail Enable using the Spam Assassin software and a batch file pickup event. If you check under my username there is some pretty complete instructions on this alternative method.

I have like a "close to zero" spam issue (I catch 1000's every day) and I can see the "mark up" on every message, stored in a directory. I can see what you are getting at here, but if I had this issue, I would be presenting the "marked up" mail examples to Mail Enable, Spamhaus, Spam Assassin to work out where the issue actually is.

Presenting full examples does help and get's you more airtime with everyone. ME has been pretty good with me with my "defects" when I have presented a strong case, with examples.

Anyhow, have a look at this. A new method of dealing with the spam may be the answer.

Scott

-----
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
xxxx.xxxx.xxxx
X-Spam-RelaysUntrusted:
X-Spam-Level: *******************************
X-Spam-Status: Yes, score=31.8 required=5.8 tests=ANY_BOUNCE_MESSAGE,BAYES_99,
BOUNCE_MESSAGE,DCC_CHECK,LONG_TERM_PRICE,TVD_STOCK1 shortcircuit=no
autolearn=spam version=3.2.3
X-Spam-Report:
* 7.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.0 LONG_TERM_PRICE BODY: LONG_TERM_PRICE
* 3.8 TVD_STOCK1 BODY: TVD_STOCK1
* 6.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
* 7.0 BOUNCE_MESSAGE MTA bounce message
* 7.0 ANY_BOUNCE_MESSAGE Message is some kind of bounce message

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by Steevo » Thu Aug 15, 2013 3:49 pm

For anyone who wants to investigate Scott's procedure I think it's here:
http://forum.mailenable.com/viewtopic.php?f=7&t=24726

Scott, I heard it was possible to use Spam Assassin with ME, but I am using the standard edition.
Not sure if it works with that (it probably does)

I am just trying to use the DNSBLs for spam blocking, it's safe from false positives if you are selective to use only blocklists that are safe. I realize SA does some nice header scoring but I am not trying to get Bayes running.

In your example you have DCC, did that come with SA? I'd love to use that, since I think it's safe from false positives.

Even though Ian has tested and says things are working as designed I still have spam in my inbox that does come back listed on a DNSBL that I am using (ZEN). But ME lets it through.

Course the problem with all this is the ZEN lookup records have no time/date so I can't tell if it was not listed 2 minutes ago, but it is now. Since ZEN is likely a manually created zone it is unlikely it is changed *that often*.

So my problem remains. ME is not marking spam properly, and I don't know why.

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by aahq » Fri Aug 16, 2013 6:00 am

Hi Steve,

I have ME Enterprise and Spam Assassin is awesome for a 100% free product.

If you have the option for the "MTA Pickup Event" then you could set up Spam Assassin as I have done. I think your problems will go away. The inbuilt ME anti spam stuff sort of works but it is really only 1/10 of solving the spam issue.

I am happy to go offline with you and show you remotely how I have it set up in my testing environment.

Scott

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by aahq » Fri Aug 16, 2013 8:12 am

Actually, now that I think about it, there will be an issue. I am pretty sure that Mail Enable Standard does not have filters so you SA will mark it up and the batch file would send it through the system but the filter is where it get's marked up as "junk" or "quarantined".

You could still get away with using grep or something to add the X-ME-Content: Deliver-To=Junk into the header of the message before copying back to the queue. This would be the poor mans solution.

Scott

Steevo
Posts: 50
Joined: Fri Jul 15, 2005 4:45 pm

Re: Mailenable not marking Zen CSS and cbl spam as spam.

Post by Steevo » Sun Aug 18, 2013 3:58 pm

aahq wrote:Actually, now that I think about it, there will be an issue. I am pretty sure that Mail Enable Standard does not have filters so you SA will mark it up and the batch file would send it through the system but the filter is where it get's marked up as "junk" or "quarantined".

You could still get away with using grep or something to add the X-ME-Content: Deliver-To=Junk into the header of the message before copying back to the queue. This would be the poor mans solution.

Scott
Which brings up another bug, the version I have does indeed have that mark a spam function, it's selectable in the setup, but it does not work. I have had that on and off and I have never seen ME mark any messages as spam even though that is a valid setting, with examples in the setup. I am sure it does reject messages that are looked up in the configured DNSBLs. Just not all of them because of the return codes.

I wonder if the ME guys know that does not work on standard edition?

I realize with ME Standard being "free" they consequently give it less attention, but being free of obvious bugs is a pretty reasonable expectation, even for "free software". If you can't give a free product ordinary care in this manner you should charge for it so you can. If you don't it hurts your karma.

Post Reply